HP TippingPoint Series Installation and operating manual
*5998-2868*
5998-2868
HP TippingPoint
TippingPoint 10/110/330 Hardware Installation
and Safety Guide
Abstract
This document describes safety guidelines and procedures for hardware installation for the TippingPoint 10,
TippingPoint 110, and TippingPoint 330.
Part number: 5998-2868
Edition: October 2013
Legal and notice information
© Copyright 2010-2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or
translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any
kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
TippingPoint® , the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard. All other company and product names
may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are
the property of Hewlett-Packard No part of this documentation may be reproduced in any form or by any means or used to make any derivative
work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.
Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
UNIX® is a registered trademark of The Open Group.
Printed in the US.
TippingPoint 10/110/330 Hardware Installation and Safety Guide
TippingPoint 10/110/330 Hardware Installation and Safety Guide 3
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Typefaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Document Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
TippingPoint Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Security Management System (SMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
SMS Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
SMS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Intrusion Prevention System Devices (IPS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
IPS Local Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Core Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
High Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Threat Suppression Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Threat Management Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2 TippingPoint Hardware Safety and Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Safety and Compliance Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Safety Guidelines and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Cautions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Rack and Clearance Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Ventilation and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Environmental Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Reliable Earthing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
ESD Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Hot Swapping Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Unpack the Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 TippingPoint 10 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chassis Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Hardware Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Hardware Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Install the Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Connect cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Connect the Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
USB Update and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4 TippingPoint 110/330 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Chassis Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Table of Contents
<Manual Title> <Manual Subtitle> <manual type> 4
LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Hardware Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Hardware Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Install the Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Connect cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Connect the Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
USB Update and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
A Connector and Pinout Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
RJ-45 (COM) Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
RJ-45 Ethernet Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
TippingPoint 10/110/330 Hardware Installation and Safety Guide 5
About This Guide
Explains intended audience, where related information is located, and how to obtain
customer support.
Overview
Welcome to the HP TippingPoint N-Platform Hardware Installation and Safety Guide.
This section includes the following items:
•”Target Audience” on page 5
•”Conventions” on page 5
•”Product Documentation” on page 7
•”Customer Support” on page 7
Target Audience
The intended audience includes technicians and maintenance personnel responsible for installing,
configuring, and maintaining TippingPoint security systems and associated devices. Users should be
familiar with networking concepts and the following standards and protocols:
•TCP/IP
•UDP
•ICMP
•Ethernet
•Simple Network Time Protocol (SNTP)
•Simple Mail Transport Protocol (SNMP)
•Simple Network management Protocol (SNMP)
Conventions
This guide uses the following document conventions.
•Typefaces, page 5
•Document Messages, page 6
Typefaces
TippingPoint publications use the following typographic conventions for structuring information:
6
Table 1 Document Typographic conventions
Document Messages
Document messages are special text that is emphasized by font, format, and icons. This <manual type>
contains the following types of messages:
•Warning
•Caution
•Note
•Tip
WARNING! Warning notes alert you to potential danger of bodily harm or other potential harmful
consequences.
CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow
directions could result in damage to equipment or loss of data.
NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific
importance in clarifying information or instructions are denoted as such.
IMPORTANT: Another type of note that provides clarifying information or specific instructions.
TIP: Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more
easily or more efficiently.
Convention Element
Medium blue text: Figure 1 Cross-reference links and e-mail addresses
Medium blue, underlined text
(http://www.hp.com)
Web site addresses
Bold font •Key names
•Text typed into a GUI element, such as into a box
•GUI elements that are clicked or selected, such as menu and list
items, buttons, and check boxes. Example: Click OK to accept.
Italics font Text emphasis, important terms, variables, and publication titles.
Monospace font •File and directory names
•System output
•Code
•Text typed at the command-line
Monospace, italic font •Code variables
•Command-line variables
Monospace, bold font Emphasis of file and directory names, system output, code, and text
typed at the command line
TippingPoint 10/110/330 Hardware Installation and Safety Guide 7
Product Documentation
TippingPoint Systems have a full set of documentation. For the most current documentation, check the Threat
Management Center (TMC) Web site at https://tmc.tippingpoint.com.
Customer Support
TippingPoint is committed to providing quality customer support to all of its customers. Each customer is
provided with a customized support agreement that provides detailed customer and support contact
information.
For the most efficient resolution of your problem, take a moment to gather some basic information from your
records and from your system before contacting customer support, including your customer number.
Contact Information
For additional information or assistance, contact the HP TippingPoint Technical Assistance Center (TAC):
Telephone
North America: +1 866 681 8324
International: +1 512 681 8324
For a list of international toll-free contact numbers, consult the following web page:
https://tmc.tippingpoint.com/TMC/Content/support/Support_Contacts
Online Support Request
1. Log on to the TippingPoint Threat Management Center (TMC) with your HP Passport credentials.
NOTE: If you don’t have HP Passport (HPP) credentials, access the TMC and on the Login page, select the
New User Registration option to register for login credentials. If you are an existing registered TMC user
and you have not updated your TMC account to an HPP account, you must log on using your email
address registered on the TMC and reset your password. To reset your password, access the TMC and on
the Login page, select Forgot Password and set a new password.
2. In the menu bar click Support > Support Request.
3. Complete the information required in the Support Request form and submit the form.
E-mail
tippingpoint.support@hp.com
Information Location
Your customer number You can find this number on your Customer Support
Agreement and on the shipping invoice that came with your
TippingPoint system.
Your device serial number You can find this information on the bottom of the server
chassis. Also, from the TippingPoint CLI, you can run the
show version command.
Your device version number From the TippingPoint CLI, you can run the show version
command.
8
TippingPoint 10/110/330 Hardware Installation and Safety Guide 1
1SystemOverview
The TippingPointTM system is a high-speed, comprehensive security system that includes the Intrusion
Prevention System (IPS), TM Local Security Manager (LSM), Digital Vaccine™, the Security Management
System ApplianceTM, and the Core Controller.
Overview
Enterprise security schemes once consisted of a conglomeration of disparate, static devices from multiple
vendors. Today, TippingPoint’s security system provides the advantages of a single, integrated, highly
adaptive security system that includes powerful hardware and an intuitive management interface.
This section includes the following topics:
•”TippingPoint Architecture” on page 1
•”Security Management System (SMS)” on page 2
•”Intrusion Prevention System Devices (IPS)” on page 3
•”Core Controller” on page 4
•”High Availability” on page 4
•”Threat Suppression Engine” on page 5
•”Threat Management Center” on page 5
TippingPoint Architecture
The TippingPoint System uses a flexible architecture that consists of a Java-based SMS Client, SMS
Management Server, IPS device(s), and Local Clients including the Local Security Manager (LSM) and
Command Line Interface (CLI). The system may also include the Core Controller, a hardware appliance that
balances traffic loads for one or more IPSes. The following diagram provides an overview of the
architecture:
Figure 1-1 TippingPoint Architecture
2 System Overview
Security Management System (SMS)
The SMS core components include:
•SMS Secure Server —hardware appliance for managing multiple devices
•SMS Home Page — web-based interface with links to current Client software, documentation, and the
Threat Management Center
•SMS Management Client — Java-based application for Windows or Linux workstations used to manage
your TippingPoint system
•Graphical User Interface (GUI)
•Dashboard
•Command Line Interface (CLI)
The SMS communicates with managed devices that are installed in your network.
The SMS architecture also includes the following components:
•Threat Management Center (TMC) — Centralized service center that monitors global threats and
distributes up-to-date attack filter packages, software updates, and product documentation.
•Digital Vaccine (DV) — Update service that includes up-to-date filter packages for protecting your
network
•Managed Devices — TippingPoint IPS or Core Controller devices that are installed in your network
SMS Server
The SMS Server is an enterprise-class management platform that provides centralized administration,
configuration, monitoring and reporting for well over a hundred TippingPoint IPS devices. The SMS
provides the following functionality:
•Enterprise-wide device status and behavior monitoring — Stores logs and device status
information, manages updates, and monitors filter, device, software, and network status.
•IPS networking and configuration — Stores device information and configures devices
according to the settings that are modified, imported, or distributed by clients. These settings affect the
flow and detection of traffic according to device, segment, or segment group.
•Filter customization — Stores filter customizations in profiles as maintained by the SMS client.
These settings are distributed and imported to devices, which can be reviewed and modified by local
clients. If a device is managed by the SMS Server, the local clients cannot modify settings.
•Filter and software distribution — Monitors and maintains the distribution and import of filters,
Digital Vaccine packages, and software for the TippingPoint Operating System and SMS Client. The
SMS client and Central Management Server can distribute these packages according to segment group
settings. The Central Management Server maintains a link to the Threat Management Center (TMC) for
downloading and installing package updates.
SMS Client
The TippingPoint Security Management System (SMS) client provides services and functions to monitor,
manage, and configure the entire TippingPoint system. This client is a Java-based application installed and
accessed on a computer running the appropriate operating system. Each user receives a specific user level
with enhanced security measures to protect access and configuration of the system.
You can monitor the entire TippingPoint system through the SMS client on a computer with the following
requirements:
•One of the following operating systems:
• Windows 98, 2nd edition
• Windows NT, Service Pack 5 or later
• Windows 2000, Service Pack 3 or later
•WindowsXP
•Windows7
TippingPoint 10/110/330 Hardware Installation and Safety Guide 3
• Apple
•RedHatLinux
•One of the following browsers:
• Microsoft Internet Explorer, version 6.0 or higher
•Firefox
• Safari
The SMS features a policy-based operational model for scalable and uniform enterprise management. It
enables behavior and performance analysis with trending reports, correlation and real-time graphs -
including reports on all, specific, and top attacks and their sources and destinations as well as all, specific,
and top peers and filters for misuse and abuse (peer-to-peer piracy) attacks. You can create, save, and
schedule reports using report templates. All reports are run against system and audit logs stored for each
device managed by the system. These logs detail triggered filters. You can modify, update, and control
distribution of these filters according to segment groups for refined intrusion prevention.
The SMS dashboard provides at-a-glance monitors, with launch capabilities into the targeted management
applications that provide global command and control of TippingPoint. It displays the entries for the top 5
filters triggered over the past hour in various categories, a graph of triggered filters over the past 24 hours,
the health status of devices, and update versions for software of the system. Through the Dashboard, you
gain an overview of the current performance of your system, including notifications of updates and
possible issues with devices monitored by the SMS.
Intrusion Prevention System Devices (IPS)
Intrusion Prevention System (IPS) devices protect your network with the Threat Suppression Engine (TSE) by
scanning, detecting, and responding to network traffic according to the filters, action sets, and global
settings maintained on each device by a client.
Each device provides intrusion prevention for your network according to the number of network
connections and hardware capabilities. IPS devices also have built-in intrinsic high-availability features,
guaranteeing that the network keeps running in the event of system failure.
TippingPoint Intrusion Prevention Systems are optimized to provide high resiliency, high availability security
for remote branch offices, small-to-medium and large enterprises and collocation facilities. Each
TippingPoint can protect network segments from both external and internal attacks.
Multiple TippingPoint devices can be deployed to extend this unsurpassed protection to hundreds of
enterprise zones. You can monitor and manage the devices by using the local client available on each
device, or by using the SMS client to monitor and manage well over a hundred devices. The TippingPoint
660N/1400N/2500N/5100N support IPv6, tunneling (including GRE and multi-layer tunnels), and
inspection bypass rules for trusted traffic.
IPS Local Clients
The TippingPoint System provides various points of interaction, management, and configuration of the
intrusion prevention system. The clients include graphical user interfaces (GUI) and command line
interfaces (CLI). These clients include the following:
•Local Security Manager (LSM) — Web-based GUI for managing one IPS device. The LSM provides
HTTP and HTTPS (secure management) access. This access requires access from a supported web
browser (Internet Explorer, Mozilla Firefox, and Netscape). Using the LSM, you have a graphical
display for reviewing, searching, and modifying settings. The GUI interface also provides reports to
monitor the device traffic, triggered filters, and packet statistics.
•Command Line Interface (CLI) — Command line interface for reviewing and modifying settings on the
device. The CLI is accessible through Telnet and SSH (secure access).
•LCD Panel — Several IPS TippingPoint devices provide an LCD panel to view, configure and modify
some device settings.
4 System Overview
Core Controller
The TippingPoint Core Controller is a hardware-based device that enables inspection of up to 20 Gbps of
traffic by sending the traffic to as many as 24 IPS device segments. The CoreController can control traffic
across its three 10GbE network segment pairs and across multiple TippingPoint E-Series IPS devices. IPS
devices are connected by 1GbE uplinks, and each packet that is received on a 10GbE CoreController
interface passes through a load balancer that then determines the IPS connection to use for transmitting the
packet.
The Core Controller provides:
•10GbE bidirectional traffic inspection and policy enforcement
•High Availability with an optional Smart ZPHA module
•Central management through the SMS
NOTE: The Core Controller can be used with the 2400E and 5000E IPS devices, and with all N-Platform
and NX-Platform devices.
High Availability
TippingPoint devices are designed to guarantee that your network traffic always flows at wire speeds in the
event of internal device failure. The TippingPoint System provides Network High Availability settings for
Intrinsic Network HA (INHA) and Transparent Network HA (TNHA). These options enact manually or
automatically, according to settings you enter using the clients (LSM and SMS) or LCD panel for IPS
devices. Zero-Power High Availability (ZPHA) is available for the IPS as an external modular device, as
optional bypass I/O modules on NX-Platform devices, and for the Core Controller as an optional Smart
ZPHA module.
The IPS uses INHA for individual device deployment and TNHA for devices deployed in redundant
configurations in which one device takes over for another in the event of system failure. With INHA, a
failure puts the device into Layer-2 Fallback mode and permits or blocks traffic on each segment. In TNHA,
multiple IPS devices are synchronized so that when one device experiences a system failure, traffic is routed
to the other device with no interruption in intrusion prevention services.
SMS high availability provides continuous administration through an active-passive SMS system
configuration. A passive SMS is configured, synchronized with the active system, and waits in standby
mode and monitors the health of the active system. If the health or communications check fails, the passive
SMS will be activated.
The ZPHA modular device can be attached to an IPS to route traffic in the event of power loss. Smart ZPHA
modules, which are wired into the device, and bypass I/O modules, which are installed directly into
NX-Platform devices, perform the same function.
Threat Suppression Engine
The Threat Suppression Engine (TSE) is a line-speed hardware engine that contains all the functions
needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis,
traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network
protocols.
The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each
new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant
the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic
flow. The blocking of the traffic and packets ensures that the attack never reaches its destination.
The combination of high-speed network processors and custom chips provide the basis for IPS technology.
These highly specialized traffic classification engines enable the IPS to filter with extreme accuracy at
gigabit speeds and microsecond latencies. Unlike software-based systems whose performance is affected
TippingPoint 10/110/330 Hardware Installation and Safety Guide 5
by the number of filters installed, the highly-scalable capacity of the hardware engine allows thousands of
filters to run simultaneously with no impact on performance or accuracy.
Threat Management Center
The Threat Management Center (TMC) is a centralized service center that monitors global threats and
distributes up-to-date attack filter packages, software updates, and product documentation.
The Threat Management Center (TMC) collects threat information and creates Digital Vaccine packages
that are made available on the TMC web site. The packages include filters that block malicious traffic and
attacks on your network. The filters provide the following protections:
•Application Protection — Defend against known and unknown exploits that target applications and
operating systems:
• Attack Protection filters — Detect and block traffic known to be malicious, suspicious, and to have
known security implications. These filters include the following: Vulnerabilities and Exploits filters.
• Security Policy filters — Detect and block traffic that may or may not be malicious. This traffic may
be different in its format or content from standard business practice, aimed at specific software or
operating systems, or contrary to your company’s security policies.
• Reconnaissance filters — Detect and block scans, sweeps, and probes for vulnerabilities and
information about your network. These filters include the following: Probes and Sweeps/Scans
filters.
• Informational filters — Detect and block classic Intrusion Detection System (IDS) infiltration
•Infrastructure Protection — Protect network bandwidth and network infrastructure elements such as
routers and firewalls from attack using a combination of filter types:
• Advanced DDoS filters — Available on the 2400E and 5000E. Detect and block denial of service
and flood requests, such as SYN Requests, that can overwhelm a system.
• Network Equipment Protection filters — Protect networked equipment from attacks
• Traffic Normalization filters — Detect and block abnormal or malicious traffic
•Performance Protection — Allow key applications to have prioritized bandwidth access setting that
ensure mission critical applications have adequate performance during times of high congestion:
• Misuse and Abuse filters — Protect the resources and usage of file sharing across networks and
personal computers. These filters protect peer-to-peer services.
• Traffic Management filters — Protect the network by shielding against IP addresses or permitting
only a set of IP addresses
6 System Overview
TippingPoint 10/110/330 Hardware Installation and Safety Guide 7
2 TippingPoint Hardware Safety and Compliance
This document describes TippingPoint product regulatory compliance and provides safety requirements and
warnings.
Overview
Before installing your TippingPoint product, you must read through all preparation instructions and safety
requirements.
•”Safety and Compliance Requirements” on page 7
•”Rack and Clearance Requirements” on page 10
•”Ventilation and Location” on page 10
•”Environmental Requirements” on page 11
•”Reliable Earthing” on page 11
•”ESD Requirements” on page 11
•”Hot Swapping Guidelines” on page 11
•”Unpack the Product” on page 12
Safety and Compliance Requirements
For detailed regulatory compliance information, refer to the HP TippingPoint Hardware Safety and
Compliance Guide, available on the TMC and included with your product.
Safety Guidelines and Warnings
Before you start the installation procedures, read this entire section for important information and safety
warnings.
If not properly installed and maintained, electrical circuitry equipment can pose dangers to both personnel
and equipment. To prevent accidents, adhere to the following guidelines to ensure general safety:
•Remove any dust from the area and keep the area around the product clear and dust-free during and
after installation.
•Wear safety glasses if you are working under conditions that might be hazardous to your eyes.
•This product has serviceable modules and hot-swappable power supplies. It has no other serviceable
parts inside.
Cautions
Cautions tell you how to avoid a serious loss that stops short of physical damage such as the loss of data,
time, or security. Cautions tell you what you should or should not do to avoid such losses, and the
consequences of not heeding the caution.
CAUTION: Do not power up the equipment while you install and connect the system.
If you connect the power improperly and then apply power, the cards and chassis could be damaged.
You are responsible for installing an AC power disconnect for the entire rack unit. This main disconnect
must be readily accessible, and it must be labeled as controlling power to the entire unit, not just to the
server.
8 TippingPoint Hardware Safety and Compliance
CAUTION: The equipment rack must be anchored to an unmovable support to prevent it from falling over
when one or more servers are extended in front of it on slide assemblies. The equipment rack must be
installed according to the manufacturer’s instructions. You must also consider the weight of any other
device installed in the rack.
Make sure that the chassis cooling fans run continuously while the system is powered.
CAUTION: Make sure all cards are completely connected to the backplane. Improper connections can
disrupt system operation.
Warnings
Warnings tell you how to avoid physical injury to people or equipment. For people, injury includes
anything from temporary conditions, such as pain, to irreversible conditions such as death. For equipment,
injury means anything requiring repair. Warnings tell you what you should or should not do, and the
consequences of not heeding the warning.
Installation Warnings
WARNING! Only trained and qualified personnel should install, replace, or service this equipment.
Disconnect the power and network cables before servicing.
WARNING! Read all of the installation instructions before you connect the system to its power source.
WARNING! When installing the product, always make the ground connection before applying power to
the unit. This equipment needs to be grounded to an external ground connection. Use a green and yellow
14 AWG ground wire to connect the host to earth ground during normal use. Disconnect the ground
connection only when the unit is completely powered down.
WARNING! On the product during this procedure, wear grounding wrist straps to avoid ESD damage to
cards and modules. Do not directly touch the backplane with your hand or any metal tool, or you could
shock yourself.
WARNING! To prevent personal injury or damage to the chassis, lift the chassis from underneath its lower
edge.
WARNING! This equipment is to be installed and maintained by service personnel only as defined by
AS/NZS 60950-1 Service Personnel.
WARNING! The Installation of this product must comply with local and national electrical codes.
TippingPoint 10/110/330 Hardware Installation and Safety Guide 9
WARNING! This unit is intended for installation in restricted access areas only.
WARNING! This product requires short-circuit (overcurrent) protection, to be provided as part of the
building installation. Install only in accordance with national and local wiring regulations.
WARNING! Do not work on the system or connect or disconnect cables during periods of lightning
activity.
WARNING! To prevent the unit from overheating, do not operate it in an area that exceeds the maximum
recommended ambient temperature of 104° F (40° C). To prevent airflow restriction, allow at least 3 inches
(7.6 cm) of clearance around the ventilation openings.
WARNING! Enclosed racks may have higher ambient temperatures than open racks. Ensure enclosed
racks ambient temperatures do not exceed maximum recommended ambient temperature of 104 °F (40 °C)
WARNING! The final disposal of this product must be done according to all national laws and
regulations.
Parts Warnings
WARNING! Do not operate the system unless all cards and top cover is in place.
WARNING! On the product, do not operate the system unless all cards, faceplates, front covers, and rear
covers are in place. Blank faceplates and cover panels serve three important functions: they prevent
exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference
(EMI) that could disrupt other equipment; and they direct the flow of cooling air through the chassis.
WARNING! To reduce the risk of fire, use only No. 26 AWG or larger telecommunication line cord.
WARNING! Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries
according to the instructions.
WARNING! When connecting equipment to IT power distributions, Phase to phase voltage must not
exceed 240 V.
10 TippingPoint Hardware Safety and Compliance
WARNING! The ports on the front of the product are Safety Extra-Low Voltage (SELV) circuits. SELV circuits
should only be connected to other SELV circuits.
WARNING! This product might have more than one power supply source. All power sources must be
removed to de-energize the unit.
WARNING! Never touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.
WARNING! All optical interfaces and sources connected to this product and its modules must only use
Class 1 lasers. Using any other Laser Class source can create hazardous conditions to the user.
WARNING! This product can contain Class 1 lasers. Do not stare into the laser beam or view it directly
with optical instruments. Install covers for the laser connectors when they are not in use.
WARNING! The cards and modules can get hot during operation. When removing a card or module,
hold it by the faceplate and bottom edge. Allow the card or module to cool before touching any other part
of it or before placing it in an antistatic bag.
WARNING! The product uses double pole/neutral fusing. Use caution when servicing this product.
Rack and Clearance Requirements
Tipping Point recommends that you mount the product in a standard 19-or 23-inch rack. The vertical hole
spacing on the rack rails must meet standard EIA-310-C requirements, which call for a 1.75 inch (44.45
mm) spacing. Ensure that you have a minimum of three inches clearance at the side of the ventilation slots.
Ventilation and Location
Ventilation and proper location are essential to the proper operation of the product. Follow these
guidelines to ensure that the product receives adequate ventilation.
•When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the
heaviest component at the bottom of the rack.
•Ensure that the unit is positioned properly on the rack
•There should be three inches clearance at the ventilation openings.
•When mounting this unit in an enclosed or multi-rack assembly, the operating ambient temperature of
the rack may be greater than the room ambient temperature. Ensure that the maximum ambient
temperature of 104° F (40 ° C) is not exceeded.
TippingPoint 10/110/330 Hardware Installation and Safety Guide 11
Environmental Requirements
For the product to run properly, your environment must meet the proper criteria. The following table details
the recommendations for temperature, humidity, and altitude settings for the Service Provider (SP)
environment.
Reliable Earthing
Ensure that an external grounding connection is available for the product and follow these guidelines:
•For AC-powered products, use only the AC power cords that have been provided with the product.
Using other cords could be hazardous to your safety.
•For DC-powered products, ensure that the product is grounded to the ground termination connector
labeled with the IEC 60417-5019 symbol:
Always make the ground connection first when you install the product, ensuring that it is in place before
turning on the power or connecting any network cables. When disconnecting the product, remove the
ground connection last, only after the power has been completely turned off and all cables have been
disconnected.
ESD Requirements
Damage from Electromagnetic Static Discharge (ESD) can occur when electronic components are
improperly handled. Its results can be complete or intermittent system failures. Proper ESD protection is
required whenever you handle equipment. It is not necessary to open the product chassis to add or remove
any components. The following general grounding guidelines apply in the event that a power supply
module or ZPHA module must be replaced.
•Always use an ESD wrist strap when adding or removing components from the chassis.
•Avoid touching the circuit boards or connectors on all cards and modules.
•Avoid contact between the printed circuit boards and clothing. The wrist strap only protects components
from ESD voltages on the body. ESD voltages on clothing can still cause damage.
•Place a removed component board-side-up on an antistatic surface or in a static-shielding container
that is also grounded to the same point as the IPS. If you plan to return the component to the factory,
immediately place it in a static-shielding container.
Hot Swapping Guidelines
Hot swapping allows you to remove and replace cards without disconnecting power to the system. Some
TippingPoint devices allow you to hot swap cards or modules. The TippingPoint has a comprehensive
detection system that senses automatically when you add or remove a card or module. It then runs
diagnostic and discovery routines and acknowledges the presence or absence of the card.
Table 2-1 Environmental Requirements
Environmental
Specifications
Description
Temperature 0 to 40 ° C (32 to 104 ° F) — Operating
-20 to 80° C (-4 to 176 ° F) — Storage
Humidity 5 to 95% (non-condensing)
Altitude No degradation up to 10,000 feet above sea level
12 TippingPoint Hardware Safety and Compliance
If you remove a card or module and replace it with the same type of card or module, the system resumes
operation without any operator intervention.
•Do not force the card or module into its slot. This can damage the pins on the backplane if they are not
aligned properly with the card or module.
•Ensure that the card or module is straight and not at an angle when you install it in the slot, which can
damage the equipment. Use the guide rails to install the card or module correctly.
•Fully depress the ejector tabs to ensure that the card connector mates with the backplane correctly.
Firmly seat the card in the slot by locking the card with the black levers.
Unpack the Product
Each chassis is securely packaged in a shipping box.
CAUTION: ESD can damage the product if you do not take necessary precautions. Installation and
maintenance personnel should be properly grounded using ground straps to eliminate the risk of ESD
damage to the equipment. All cards and modules are subject to ESD damage whenever they are removed
from the chassis.
Use caution when opening the product boxes.
To unpack the product, complete the following steps:
1. Inspect the packing container. If you see any damage or other signs of mishandling, inform both the
local freight provider and TippingPoint before unpacking. Your freight provider can provide you with the
procedures necessary to file a claim for damages.
2. Carefully open the box.
3. Remove all packing material.
4. Verify the contents in the shipping package. Compare the packing list to your shipment and to your
order. Are all items included? If items are missing, contact your TippingPoint sales or field
representative.
5. Remove the chassis from the box.
6. Open the accessory kit. It contains the cables, documentation, and management software.
7. Inspect all the equipment inside for damage. If you think any equipment might be damaged, contact
your freight provider for how to lodge a damage claim. Also, contact your TippingPoint sales or field
representative for instructions.
NOTE: The shipping materials are recyclable. Please save for later use or dispose of
them appropriately.
This manual suits for next models
3
Table of contents
Other HP Security System manuals
Popular Security System manuals by other brands
Climax Technology
Climax Technology vesta series user manual
Honeywell
Honeywell ADEMCO VISTA-10P Quick guide to user functions
Bosch
Bosch PR111B Reference manual
Honeywell
Honeywell NOTIFIER DSE3-23 Series quick start guide
Rescue Alert
Rescue Alert RA400 user manual
Saferhome
Saferhome HB-G100 Series user manual
